Skip to main content
CVE-2022-30628 MEDIUM This Month

It was possible to download all receipts without authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Supersmart Me Walk Through
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31475 MEDIUM This Month

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal Givewp
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-30536 MEDIUM PATCH This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Wp Maintenance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30337 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Wp Meta Seo
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-32289 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy